<VirtualHost *>
    ServerName {{ inventory_hostname }}

    WSGIDaemonProcess koschei user=koschei group=koschei threads=5 home=/usr/share/koschei

    WSGIScriptAlias /koschei /usr/share/koschei/koschei.wsgi
    Alias /koschei/static /usr/share/koschei/static/
    RewriteEngine on
    RewriteRule ^/koschei/documentation/?$ https://fedoraproject.org/wiki/Koschei [R=301,L]

    <Directory /usr/share/koschei>
        WSGIProcessGroup koschei
        WSGIApplicationGroup %{GLOBAL}
        Options All
        AllowOverride All
        Require all granted
    </Directory>

    OIDCRedirectURI "{{ koschei_topurl }}/login/redirect_uri"
    OIDCProviderMetadataURL "https://{{ koschei_oidc_provider }}/openidc/wellknown_openid_configuration"
    OIDCClientID "koschei"
    OIDCClientSecret "{{ koschei_oidc_client_secret }}"
    OIDCCryptoPassphrase "{{ koschei_oidc_crypto_secret }}"
    OIDCSSLValidateServer On
    OIDCResponseType "code"

    OIDCScope "openid profile"

    <Location /koschei/login>
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>
